Configure JSON web token (JWT) API authentication

In this topic, you learn how to set up authentication via a JSON web token (JWT) and how to configure it in your Cockpit. You must perform multiple tasks to enable the connection.

Prerequisites

  • You have registered the Neptune DXP - Open Edition in the Microsoft Entra admin center. Find more information about how to register an app on Microsoft documentation.

  • You know the tenant ID from the Microsoft Entra admin center for your Neptune DXP - Open Edition.

Procedure

  1. In the Cockpit, go to Settings, and select System Settings.

  2. In the Authentication tab, select Edit.

  3. Select + Add and select JWT.

    Result: The Authentication window opens.

  4. In JWT Validation, fill in or select the following fields:

    1. Enter a Name for the authentication.

    2. Select Active to activate this authentication method.

    3. Enter a Description.

    4. Enter a Path to retrieve a Neptune DXP - Open Edition session, for example, /user/logon/jwt/(path). You can add any string as a path.

    5. You can add an Issuer validation.

    6. You can add an Audience validation.

    7. In Secret, add a secret key for the validation if no JSON web key set (JWKS) URL is provided.

      Jwks Url

      Add the URL that leads to the JWKS. For example:

      https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys
    8. In Proxy for Jwks Url, add a proxy for your JWKS URL, you can add any string.

    9. Set a token header field in Override default Jwt Extraction Method - From Authorization Header as Bearer Token

  5. In Claims Assignment, select Add to add claims assignments.

  6. If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit.

  7. Select OK to save your input.

    Result: The Authentication dialog closes.

  8. In System Settings, select Restart to activate JSON web token authentication.

Results

  • You have configured and activated a JWT authentication.